[ISN] Linux Advisory Watch - January 18th 2002

From: InfoSec News (isnat_private)
Date: Sat Jan 19 2002 - 20:59:19 PST


    +----------------------------------------------------------------+
    |  LinuxSecurity.com                        Linux Advisory Watch |
    |  January 11th, 2002                       Volume 3, Number  3a |
    +----------------------------------------------------------------+
     
      Editors:     Dave Wreski                Benjamin Thomas
                   daveat_private     benat_private
     
     
    Linux Advisory Watch is a comprehensive newsletter that outlines the
    security vulnerabilities that have been announced throughout the week. It
    includes pointers to updated packages and descriptions of each
    vulnerability.
    
    This week, advisories were released for imp, horde, x-chat, gzip, glibc,
    cipe, sudo, at, stunnel, NetBSD kernel, slashcode, pine, lids, groff,
    bugzilla, and uuxqt.  The vendors include Caldera, Conectiva, Debian,
    EnGarde, Mandrake, NetBSD, Red Hat, Slackware, and SuSE.
    
      
    +---------------------------------+
    | imp / horde                     | ----------------------------//
    +---------------------------------+
    
    The webmail frontend IMP has a cross-site scripting problem that allows a
    remote attacker to send you an e-mail with a malformed URL that, when
    clicked, will open your mail session to the attacker, allowing him to
    read and delete your e-mails.
    
     Caldera OpenLinux: 
     ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS 
    
     RPMS/horde-1.2.7-1.i386.rpm 
     53a9d75c760851f79fa72cb451416f96 
    
     RPMS/imp-2.2.7-1.i386.rpm 
     4bb1af4dcd98af6f168543476f691b95 
    
     Caldera Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/caldera_advisory-1798.html
    
    
      
    +---------------------------------+
    | X-Chat                          | ----------------------------//
    +---------------------------------+
    
    It is possible to trick XChat IRC clients into sending arbitrary commands
    to the IRC server they are on, potentially allowing social engineering
    attacks, channel takeovers, and denial of service. This problem exists in
    versions 1.4.2 and 1.4.3.
    
     Debian Intel ia32 architecture: 
     http://security.debian.org/dists/stable/updates/main/binary-i386/ 
     xchat-gnome_1.4.3-1_i386.deb 
     MD5 checksum: 2eb90d6a77af6c2475a976d282d76377 
      
     http://security.debian.org/dists/stable/updates/main/ 
     binary-i386/xchat-text_1.4.3-1_i386.deb 
     MD5 checksum: 9701ca60219d4ac8981293763474f14c 
    
     http://security.debian.org/dists/stable/updates/main/ 
     binary-i386/xchat_1.4.3-1_i386.deb 
     MD5 checksum: 1a45ebe67bd4b495cbbd9b9e1517239e 
    
     XChat Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/debian_advisory-1802.html
    
    
      
    +---------------------------------+
    | gzip                            | ----------------------------//
    +---------------------------------+
    
    GOBBLES found a buffer overflow in gzip that occurs when compressing files
    with really long filenames.  Even though GOBBLES claims to have developed
    an exploit to take advantage of this bug, others have said that this
    problem is not as likely to be exploitable as other security incidents.
    
     Debian Intel ia32 architecture: 
     http://security.debian.org/dists/stable/updates/main/ 
     binary-i386/gzip_1.2.4-33.1_i386.deb 
     MD5 checksum: b61176ee1953b528e50268995e6c2505 
    
     Debian Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/debian_advisory-1803.html
    
    
      
    
    +---------------------------------+
    |  glibc                          | ----------------------------//
    +---------------------------------+
    
    A buffer overflow has been found in the globbing code for glibc. This code
    is used to glob patterns for filenames and is commonly used in
    applications like shells and FTP servers.
    
     PLEASE SEE VENDOR ADVISORY 
     Debian Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/debian_advisory-1804.html 
    
     Slackware Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/slackware_advisory-1800.html
    
    
    
      
    +---------------------------------+
    | cipe                            | ----------------------------//
    +---------------------------------+
    
    Larry McVoy found a bug in the packet handling code for the CIPE VPN
    package: it did not check if a received packet was too short and could
    crash.
    
     Debian Architecture independent archives: 
     http://security.debian.org/dists/stable/updates/main/ 
     binary-all/cipe-common_1.3.0-3_all.deb 
     MD5 checksum: bbfe46765a76bce4f4ce6f9855eee717 
      
     http://security.debian.org/dists/stable/updates/main/ 
     binary-all/cipe-source_1.3.0-3_all.deb 
     MD5 checksum: c380864ae382aff742f08869f89848f6 
    
     Debian Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/debian_advisory-1805.html
    
    
    
    +---------------------------------+
    |  sudo                           | ----------------------------//
    +---------------------------------+
    
    Sebastian Krahmer from SuSE found a vulnerability in sudo which could
    easily lead to a local root exploit. This problem has been fixed in
    upstream version 1.6.4 as well as in version 1.6.2p2-2.1 for the stable
    release of Debian GNU/Linux.
    
     Debian Intel ia32 architecture: 
     http://security.debian.org/dists/stable/updates/main/ 
     binary-i386/sudo_1.6.2p2-2.1_i386.deb 
     MD5 checksum: 793c815263a64e63108628ed31537dfe 
    
     Debian Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/debian_advisory-1807.html 
      
     Mandrake 8.0: 
     http://www.mandrakesecure.net/en/ftp.php 
    
     8.0/RPMS/sudo-1.6.4-1.1mdk.i586.rpm 
     6485ad4e345eb0e4920f856d65808235 
    
     Mandrake Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/mandrake_advisory-1816.html 
    
    
     NetBSD: 
     ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/ 
     packages-5-current/security/sudo-1.6.4.1.tgz 
    
     NetBSD Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/netbsd_advisory-1827.html 
      
    
     EnGarde sudo: 
     i386/sudo-1.6.4-1.0.6.i386.rpm 
     MD5 Sum: 83fceade44a6d263647653351c2acade 
    
     i686/sudo-1.6.4-1.0.6.i686.rpm 
     MD5 Sum: 8b8c9344cbc950cd9fd4f2fc1c3136f8 
    
     EnGarde Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1809.html 
      
    
     Conectiva: 
     ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ 
     sudo-1.6.4p1-1U70_1cl.i386.rpm 
    
     ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ 
     sudo-doc-1.6.4p1-1U70_1cl.i386.rpm 
    
     Conectiva Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1813.html 
      
    
     SuSE i386 Intel Platform: SuSE-7.3 
     ftp://ftp.suse.com/pub/suse/i386/update/7.3/ 
     ap1/sudo-1.6.3p7-71.i386.rpm 
     b98f00f761274530bfad3486253bed53 
    
     SuSE Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/suse_advisory-1806.html 
      
    
     Red Hat i386: 
     ftp://updates.redhat.com/7.2/en/os/i386/ 
     sudo-1.6.4-0.7x.2.i386.rpm 
    
     Red Hat Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/redhat_advisory-1812.html
    
    
      
    +---------------------------------+
    | at                              | ----------------------------//
    +---------------------------------+
    
    zen-parse found a bug in the current implementation of at which leads to
    a heap corruption vulnerability, which in turn could potentially lead to
    an exploit of the daemon user.
    
     Debian Intel ia32 architecture: 
     http://security.debian.org/dists/stable/updates/ 
     main/binary-i386/at_3.1.8-10.1_i386.deb 
     MD5 checksum: 8af8ea462718b6bee748b2a809834d2e 
    
     Debian Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/debian_advisory-1818.html 
      
     i386 Intel Platform: SuSE-7.3 
     ftp://ftp.suse.com/pub/suse/i386/update/ 
     7.3/ap1/at-3.1.8-459.i386.rpm 
     db3d2bd38f81667dcece38d1c4a86725 
    
     SuSE Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/suse_advisory-1817.html
    
    
      
    +---------------------------------+
    |  stunnel                        | ----------------------------//
    +---------------------------------+
    
    All versions of stunnel from 3.15 to 3.21c are vulnerable to format string
    bugs in the functions which implement smtp, pop, and nntp client
    negotiations.  Using stunnel with the "-n service" option and the "-c"
    client mode option, a malicious server could use the format string
    vulnerability to run arbitrary code as the owner of the current stunnel
    process.  Version 3.22 is not vulnerable to this bug.
    
     http://www.mandrakesecure.net/en/ftp.php 
    
     Mandrake Linux 8.1: 
     8.1/RPMS/stunnel-3.22-1.1mdk.i586.rpm 
     08204f11728f2c6b6152de9ebb562ac5 
    
     8.1/SRPMS/stunnel-3.22-1.1mdk.src.rpm 
     e85fbd3435759fa7b94bb5c371738b30  
    
     Mandrake Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/mandrake_advisory-1828.html
    
    
      
    +---------------------------------+
    |  netbsd-kernel                  | ----------------------------//
    +---------------------------------+
    
    A process could exec a setuid binary, while gaining ptrace control over it
    for a short period before the process was activated. The ptrace controller
    process could then modify the address space of the controlled process and
    abuse its elevated privileges.
    
     PLEASE SEE VENDOR ADVISORY 
    
     NetBSD Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/netbsd_advisory-1826.html
    
    
      
    +---------------------------------+
    | slashcode                       | ----------------------------//
    +---------------------------------+
    
    Slash, the code that runs Slashdot and many other web sites, has a
    vulnerability in recent versions that allows any logged-in user to log in
    as any other user.  This allows users to take nearly full control of a
    Slash system (post and delete stories, edit users, post as other users,
    etc., and do anything that a Slash user can do) by logging in to an
    administrator's Slash account.
    
     PLEASE SEE VENDOR ADVISORY 
    
     Slashcode Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1799.html
    
    
      
    +---------------------------------+
    |  pine                           | ----------------------------//
    +---------------------------------+
    
    There is a vulnerability in pine which can allow an attacker to execute
    arbitrary commands on a victim's machine by sending them a
    specially-crafted URL which is then mishandled by pine's URL handling
    code.
    
     EnGarde: 
     ftp://ftp.engardelinux.org/pub/engarde/stable/updates/ 
     i386/pine-4.33-1.0.6.i386.rpm 
     MD5 Sum: 4b1d60e1e7ccb3a8a511db42877f0b15 
    
     i686/pine-4.33-1.0.6.i686.rpm 
     MD5 Sum: 995ed060b84adb05b5b274d353becd91 
    
     EnGarde Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1810.html 
      
     Slackware Updated pine package for Slackware 8.0: 
     ftp://ftp.slackware.com/pub/slackware/ 
     slackware-8.0/patches/packages/pine.tgz 
    
     Slackware Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/slackware_advisory-1801.html
    
    
    
      
    +---------------------------------+
    |  lids                           | ----------------------------//
    +---------------------------------+
    
    Recently there were several local vulnerabilities discovered in the LIDS
    system used by EnGarde Secure Linux which could allow an attacker to gain
    root, and even disable LIDS completely.
    
     EnGarde: 
     ftp://ftp.engardelinux.org/pub/engarde/stable/updates/ 
     PLEASE SEE VENDOR ADVISORY 
    
     EnGarde Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1811.html
    
    
      
    +---------------------------------+
    | groff                           | ----------------------------//
    +---------------------------------+
    
    New groff packages have been made available that fix an overflow in groff.
    If the printing system running this is a security issue, it is recommended
    to update to the new, fixed packages.
    
     Red Hat i386: 7.2 
     ftp://updates.redhat.com/7.2/en/os/i386/ 
     groff-1.17.2-7.0.2.i386.rpm 
     f3181dd6c32ffc9478721244b77c89af 
    
     Red Hat Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/redhat_advisory-1808.html
    
    
      
      
    +---------------------------------+
    |  bugzilla                       | ----------------------------//
    +---------------------------------+
    
    This new version fixes several security issues discovered since version
    2.14 was released, which are too serious to wait for the upcoming 2.16
    release.
    
     Red Hat Powertools 7.1: 
     noarch: 
     ftp://updates.redhat.com/7.1/en/powertools/noarch/ 
     bugzilla-2.14.1-2.noarch.rpm 
     dd9607075ee2e4186f153b5587fb8ec0 
    
     Red Hat Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/redhat_advisory-1814.html
    
    
      
    
    +---------------------------------+
    |  uuxqt                          | ----------------------------//
    +---------------------------------+
    
    uuxqt in the Taylor UUCP package does not properly remove dangerous long
    options, which allows local users to gain uid and gid uucp privileges by
    calling uux and specifying an alternate configuration file with the
    --config option.
    
     Red Hat Linux 7.2: i386: 
     ftp://updates.redhat.com/7.2/en/os/i386/ 
     uucp-1.06.1-32.i386.rpm 
    
     Red Hat Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/redhat_advisory-1829.html
    
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
    ------------------------------------------------------------------------
    
    
    